Security Breaches at Zenith American Solutions, Centerstone, and Southwest Behavioral & Health Services

Zenith American Solutions, the Sound Health and Wellness Trust’s third-party manager, recently advised people regarding a mailing error that compromised their Social Security numbers of the people. Based on the breach notification, the company sent a mailing to individuals on June 24, 2022, telling them to accomplish their Personal Health Assessments or Health Profiles to sign up for the 2023 Health Reimbursement Account.

The record used for making the mailing labels contained full Social Security numbers of people. That is why, the SSNs were printed entirely on the mailing labels together with full names, postal addresses, and unique ID numbers. The mailing labels additionally tagged a person as having enrolled in the Sound Health and Wellness Trust.

Zenith American Solutions stated it has enforced new quality control methods to make sure there are no identical incidents down the road and affected people got offers of complimentary credit monitoring and identity theft protection services for 2 years.

The breach report submitted to the HHS’ Office for Civil Rights indicated that 37,146 individuals were impacted.

Centerstone Reports Email Security Breach

Centerstone, offering mental health, residential care, addiction recovery, therapeutic foster care, counseling, and crisis services, has lately announced that the protected health information (PHI) of certain current and former Centerstone clients was exposed and possibly got by unauthorized persons.

The strange activity was noticed in the Centerstone email environment on February 14, 2022. The company took immediate steps to secure email accounts by executing a password reset, and investigated the incident to figure out the nature and scope of the security breach. The investigation affirmed that an unauthorized third party accessed three employee email accounts between November 4, 2021 and February 14, 2022.

A thorough review of the affected email accounts was done on July 12, 2022, and ascertained they included individuals’ PHI like names, birth dates, addresses, Social Security numbers, client ID numbers, medical diagnoses, treatment details, and/or health insurance data.

Centerstone has sent the breach report to the HHS’ Office for Civil Rights, however, the incident is not yet published on the OCR breach website. Therefore, it is not clear how many people were impacted. Centerstone mentioned it has carried out more safeguards to better secure its email system.

Email Account Breach at Southwest Behavioral & Health Services

Southwest Behavioral & Health Services based in Phoenix, Az provides outpatient mental health treatment and psychiatric services. It recently informed 1,337 persons about an unauthorized third party that acquired access to the email account of a staff. The email account comprised individuals’ names, dates of birth, addresses, email addresses, phone numbers, resume data, medical diagnosis details, and Social Security numbers.

The breach was discovered on July 15, 2022. It was confirmed to have occurred on May 5, 2022. The provider delivered notification letters to affected persons on August 1, 2022. There was no evidence found that indicates the theft of any PHI; nevertheless, as a precaution, impacted people were offered a free identity theft protection services membership through IDX.

Southwest Behavioral & Health Services mentioned further that safety measures were carried out to avoid further email data breaches and extra security awareness training was offered to the employees.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at